Ricardo M. Stella wrote: > Solaris 10 latest ipfilter patch is more of a bug than anything. A few > hours after having it installed on a test box, all network was blocked in > or out, EXCEPT for any opened connections (rules are set with keep state > option). > > Flushing the state table would allow new connections to be established. > > 1st test box was a SunFire v240 with bge cards. 2nd box that did not > exhibit the problem is a SunFire v440 with ce cards. And finally, some > SunFire v20z (x86) didn't see the problem - now, this have bge cards as > well but not sure all it's related. > > All I know that if I would do a 'svcadm reload ipfilter' didn't matter. > But flushing the state tables worked out. > > Patch was uninstalled and when I get time I would do more testing... >
Unfortunately there are no further updates of IPFilter planned to happen this year so the only way fixes from open source are going to make it into (Open)Solaris is if people file bugs and push things that way. Oh, that's a management decision not to do anything for IPFilter this year...go figure... Darren
